As consumers, we are technology junkies searching for the next great fix, and companies around the world are racing to deliver the coolest new distraction. Sounds great, right? There’s just one problem: companies are working under relentless pressure and impossibly tight deadlines that are quite literally harmful to us, and lead to greater technology risk. Remember that awesome smartphone with the iris recognition system, the Secure Folder security feature, and the battery that had the unfortunate habit of exploding? What about the time Amazon lost hundreds of millions of dollars over a typo? With this never ending demand for newer, cooler technology, many businesses today find themselves sacrificing security and operation in order to release as quickly as possible.
The latest US Department of Defense ‘Red Disk’ data security leak is yet another indicator of how current cybersecurity thinking is entirely out of sync with the broader changes in IT that have taken place over the last 20 years. The explosion of IT systems, networks, users, clouds, and devices has caused the size of the typical enterprise’s attack surface to expand exponentially. Any user or device can be the weakest link and become the steppingstone to a major data breach.
Large enterprises like Equifax, Target, Sony and Home Depot may have grabbed headlines for cyber attacks, but small to mid-size businesses are the most exposed and the easiest prey. That’s because small businesses have fewer resources and may falsely believe that hackers only target large organizations. Last year, small organizations accounted for 85% of data breach claims, and breaches of less than 10,000 records cost on average $4.66 million.
More companies are moving towards cloud technologies for lower costs, faster time to market, and increased employee productivity. However, the vulnerability of common cloud servers creates many new security challenges, the full impact of which we are just starting to determine. Spohn Security Solutions offers advice on catching vulnerabilities and proofing your company against cloud attacks.